Category Archives: information security

High risk in the cloud

The latest European Cloud Adoption and Risk Report surveyed approximately 1.6 million cloud users.  It discovered that the average number of cloud services used by the average company has increased by 23% in 2014.

The report found that fewer than 10% of these services meet the ‘most stringent’ security requirements while 74% of clouds services used by European firms do not meet the EU’s Data Protection Directive’s regulations.

A key challenge is that employees are using services without the express knowledge or support of their IT departments.  This trend to ‘Shadow IT’ services poses enormous security risks to businesses. 

In one case highlighted by the report one single employee uploaded over 17GB of sensitive data to 71 high risk cloud services over three months.

Lapses in information security

Confidential pay details of staff working at RBS have been inadvertently leaked by the recruitment firm Hays (as reported in the Financial Times today).

The lapse in the management of confidential data is embarrassing to both Hays and to RBS. RBS is shedding many permanent roles and the data makes public the pay rates of temporary staff.

Such lapses impact not only on organisational/brand reputation, but can also have direct financial consequences.

A recent report by Symantec suggests the top ‘social media incidents’ for organisations are employees sharing too much information in a public forum and loss/exposure of confidential data.